Verizon Business(VZ) released today a supplemental report to its landmark Data Breach Investigative Report. This new research analyzes data breaches from a vertical industry standpoint, looking at the businesses of financial services, high-tech, retail, and food and beverage.
“The supplemental report provides further insight into the nature of breaches, underscoring that good security does not lend itself to a cookie-cutter approach,” said Dr. Peter Tippett, vice president of research and intelligence, Verizon Business Security Solutions. “Understanding what happens when a data breach occurs is critical to proactive prevention. Through our more targeted analysis, we are hoping to provide answers to businesses around the globe that want to protect not only their data but their reputation.”
For example, financial services face a greater risk from insiders, with deceit and misuse as the most common attacks. On average, attacks take longer and tend to be more sophisticated in this vertical and discovery often takes weeks, although financial services organizations generally learn of breaches more quickly than other types of organizations.
For the other three verticals considered, however, partners represent the chief source of risk, according to the report.
Insider misuse, which refers to using granted resources or privileges, or both, for any unauthorized purpose, is much higher in high-tech. Attacking Web applications represents the most common method of intrusion. Additionally, the percentage of breaches involving intellectual property is higher in the high-tech community.
In retail, many attacks exploit remote access connections, but breaches to Web applications and wireless networks are also common. And retail is highly reliant on third-parties to discover breaches.
As for food and beverage, most breaches originate from external sources but leverage a partner’s trusted remote access connection as the point of entry into online repositories of payment card data. These attacks rely on poor security configurations rather than application or software vulnerabilities, are quickly executed and are highly repeatable.
